This is my archive

Checksums and signatures 

Checksums: Checksums indicate the integrity of data, thus allowing detection of (accidental) modification. By verifying checksums, manipulations and data corruption can be detected. Checksums are calculated over valid, verified and non-corrupted data. When calculating the checksum again with the same algorithm (e.g., after a…

Passwords 

Each (human) user of a system component needs to be identified and authenticated for all access. For that purpose, passwords can be used. Further authentication methods can be, for example, biometrics (e.g. fingerprint scanner, face recognition), tokens, physical keys, key cards or evaluating the geographic location of…

Phoenix Contact industrial security guideline 

Introduction: The increasing interconnection of systems, components, and devices as well as the growing amount of data to be transmitted and stored (in a word: the achievements of Industry 4.0) result in a higher risk of cyber attacks. This is also promoted…

Data backup and restore 

General considerations on data backups: Data loss may not be the result of careless or erroneous actions of authorized users or defects in storage media alone, but may also be the consequence of malicious deletion or encryption of your data by unauthorized intruders.

Protection of project data on the hard disk and during transfer 

Engineering and parameterization tools (e.g. PLCnext Engineer) often store plain, i.e., unencrypted project data on the hard disk of your computer. The data is therefore unprotected against tampering and theft. Use a suitable encryption method: to…

IT and OT/ICS: a comparison 

Note: The abbreviation ICS stands for Industrial Control System. With regard to security, a distinction must be made between different types of technology or networks: IT (Information Technology): Office (accounting, sales, management, …). Here, the ISO 27001 standard for the plant owner…

Certificates 

What are certificates used for? Certificates can be used for the following: Securing communication connections between participants in your ICS. Participants can be, for example: Devices used to build automation infrastructures and systems (such as PLCnext Technology controllers, switches, etc.). Server and client…

Technical PC hardening measures 

Any engineering tool, such as PLCnext Engineer, can manipulate devices or processes in your ICS. To reduce the risk of manipulation, perform security evaluations regularly. PC-based hardening and organization measures: Protect any PCs used in automation solution environments against security-relevant manipulations. This…

Anti-malware inspection 

The list of security incidents in industry is growing longer all the time: Stuxnet, Industroyer, TRITON, or WannaCry are examples of malware/ransomware which attacked SCADA systems, safety controllers, etc. While anti-virus/anti-malware software is common and widespread on IT systems, OT components are often still unprotected.

Logging and monitoring 

Log and status data as feedback for security improvements: The early detection of security-relevant incidents as well as of system errors and performance “bottlenecks” during operation or data transmission depends to a large extent on adequate logging and monitoring. In particular, log data and…